[BBLISA] September meeting

Adam Moskowitz adamm at menlo.com
Thu Sep 3 08:25:20 EDT 2015


Wednesday, September 9th, 2015

MIT Building E-51, room TBA

7:00 Introductions, announcements, open discussion
7:30 Formal presentation


"Why we can't have nice things. A tale of woe and hope for the future"

Pete Cheslock, Threat Stack

Computers are hard, and security is even harder. While you're building a
bespoke host-based intrusion detection system to monitor for advanced
persistent threats, vulnerabilities are uncovered in 30-year-old core
Unix programs. Even worse, the same junior-level operations engineer who
can (accidentally) provision thousands of systems and blow your budget
away is the same person who can make one small change to a security
group which now allows all access to your back-end systems.

The cloud is making it easier than ever to provision systems to meet
your infrastructure needs -- and to do so very quickly. Speed to market
is a major competitive advantage that many companies are leveraging
through the concept of Infrastructure as Code. Provisioning hundreds or
thousands of compute instances in mere minutes is now considered an
everyday activity. Everyone wants to move fast.

The long-contested battlefield of remote access to production machines
has only gotten uglier since the rise of The Cloud, which has
obliterated the line between building the system and running the system.
"Lock out the developers" is not an acceptable policy anymore.
Developers inherently build better systems when they experience running
them.

Continuous Integration. Continuous Deployment. But who (or what) is
continually monitoring the state of your operational security?

We'll discuss the role of security in this new *aaS landscape. We'll
talk about things to do when you have a dedicated InfoSec team, and
tools you can use when you don't. We'll explore what it means to build
in security in the same way you build in quality as part of your
continuous delivery pipelines. And how you can strengthen your security
posture while maintaining your ability to move quickly and deliver value
to your customers.


